As we discussed in the previous post, monitoring user behavior is the most important first step you can take to protect your organization against insider fraud losses.

Monitoring activity alone, however, isn’t enough. Employees intent on committing fraud quickly learn the limits of the safety controls that have been put in place and find a way to work around them. For example, bank employees know the transaction threshold that will set off red flags about potentially suspicious activity. To avoid detection, it’s simply a matter of siphoning off smaller amounts over a longer period of time. Devious—and very dangerous to your organization.

To identify fraud attempts more accurately it’s important to have context – and that’s where analytics come in. Employing an analytics engine in conjunction with monitoring will help you understand how the behavior of an individual compares to the normal behavior of other employees with similar roles. Take, for instance, a back-office employee who queries accounts that have been inactive for 8-9 months (which, incidentally, is right before they’re automatically rendered dormant). In and of itself, that behavior seems reasonable enough. It’s not until you have a broader understanding of typical network traffic that you can see it as potentially suspicious activity — someone in that role would never need to make that query.
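The peer-group comparison described above, as an added illustration (not code from the original post or from any Intellinx/Bottomline product): each action a user performs is scored against how many other employees in the same role ever perform it, and actions that peers essentially never take are flagged. The audit events, role names and the 10% rarity threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed audit events: (user, role, action). Sample data, not real logs.
EVENTS = [
    ("alice", "back_office", "view_customer_profile"),
    ("alice", "back_office", "update_address"),
    ("bob",   "back_office", "view_customer_profile"),
    ("bob",   "back_office", "update_address"),
    ("carol", "back_office", "view_customer_profile"),
    ("carol", "back_office", "update_address"),
    ("carol", "back_office", "query_inactive_accounts_8_9_months"),
    ("dave",  "back_office", "view_customer_profile"),
    ("erin",  "dormancy_ops", "query_inactive_accounts_8_9_months"),
    ("frank", "dormancy_ops", "query_inactive_accounts_8_9_months"),
]


def peer_baseline(events, subject, role):
    """Fraction of *other* users in `role` that perform each action.
    The subject is excluded so their own behaviour cannot normalise itself."""
    per_user = defaultdict(set)
    for user, r, action in events:
        if r == role and user != subject:
            per_user[user].add(action)
    peers = len(per_user)
    counts = defaultdict(int)
    for actions in per_user.values():
        for action in actions:
            counts[action] += 1
    return {a: c / peers for a, c in counts.items()}, peers


def rare_actions(events, subject, max_peer_rate=0.10, min_peers=3):
    """Return (role, action, peer_rate) for actions the subject performed
    that peers in the same role (almost) never perform."""
    roles = {r for u, r, _ in events if u == subject}
    flagged = []
    for role in sorted(roles):
        baseline, peers = peer_baseline(events, subject, role)
        if peers < min_peers:  # too few peers to say what "normal" looks like
            continue
        own = {a for u, r, a in events if u == subject and r == role}
        for action in sorted(own):
            rate = baseline.get(action, 0.0)
            if rate <= max_peer_rate:
                flagged.append((role, action, rate))
    return flagged


if __name__ == "__main__":
    for user in ("alice", "carol", "erin"):
        print(user, rare_actions(EVENTS, user))
```

Note that erin is not flagged even though she runs the same query as carol: with only one peer in her role there is no baseline to compare against, and a real deployment needs enough peers per role before an anomaly score means anything.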

With monitoring and analytics in place you’ll have a good handle on spotting the red flags that indicate your organization is at risk of employee fraud and collusion. Next we’ll dig deeper into analyzing network activity, extending it to correlate activities across the various channels and systems in the organization.

Boaz Krelbaum, founder of Intellinx, a leading provider of cyber fraud and risk management solutions, is currently General Manager of Cyber Fraud & Risk Management for Bottomline Technologies. He has deep experience developing solutions that protect organizations from internal and external fraud and data theft, including agent-less technology that captures data directly from the network and provides a detailed forensic audit trail.

Posted by Boaz Krelbaum